Remember the Facebook hack last week that compromised at least 50m accounts? It’s worse than you think.

Last Friday, the social media company revealed a vulnerability that allowed attackers to steal automated log-in credentials (or “tokens”).

The tokens make it easier for people to log into popular apps and services like Spotify, Pinterest or Yelp. The flaw, which has been present since July 2017, was discovered last month after Facebook engineers noticed unusual login activity.

While the scope of that attack is still being discovered, independent researchers say the damage could extend far beyond Facebook’s borders.

Jason Polakis, an assistant professor of computer science at the University of Illinois at Chicago, recently co-authored a paper on vulnerabilities in Single Sign-On (SSO) systems, similar to the one used by Facebook.

Polakis says the token breach affects far more than Facebook – it’s a potential backdoor to thousands of third-party apps and websites.

Odds are, you may have a lot of apps to clean up – after you delete the old FB account.